[squid-dev] OpenSSL 1.1 regression
Christos Tsantilas
christos at chtsanti.net
Thu May 18 16:04:29 UTC 2017
On 18/05/2017 03:40 μμ, Amos Jeffries wrote:
> On 18/05/17 23:12, Christos Tsantilas wrote:
>> + # check for API functions
>> + AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate,
>> [AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate
>> is available])], [])
>> +
>
> This bit seems to be correct.
>
> Given the .cc file sequence of macro tests I think we can speed up
> ./configure a bit by moving the use of
> SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS into the if-not-found [] path.
>
> eg.
>
> AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, [
> AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate
> is available])
> ],[
> # check for bugs and hacks in the old OpenSSL API
> SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
> ])
I am attaching a new patch.
In this patch I moved the SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS as
you suggested.
But also my last patch was buggy, the AC_CHECK_LIB did not search at the
correct directories for libssl library.
In this patch I moved the "SQUID_STATE_ROLLBACK(squid_openssl_state)"
line some lines down to have the correct libraries search path.
Is it ok, or it is better to open a new SQUID_STATE_SAVE/ROLLBACK just
for AC_CHECK_LIB?
PS. Finally, this easy to fix issue, is one more prove that it is better
to not start fixing files involved with this satanic tool called autoconf!
>
> Amos
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-crash-with-openssl-1.1.0-squid-5-t3.patch
Type: text/x-patch
Size: 4722 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20170518/36e1bdca/attachment-0001.bin>
More information about the squid-dev
mailing list